2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) by Tim Potter 2000-2002
7 Copyright (C) Andrew Tridgell 2002
8 Copyright (C) Jelmer Vernooij 2003
9 Copyright (C) Volker Lendecke 2004
11 This program is free software; you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation; either version 3 of the License, or
14 (at your option) any later version.
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 #include "popt_common.h"
28 #include "nsswitch/winbind_client.h"
29 #include "../../nsswitch/libwbclient/wbc_async.h"
30 #include "librpc/gen_ndr/messaging.h"
31 #include "../librpc/gen_ndr/srv_lsa.h"
32 #include "../librpc/gen_ndr/srv_samr.h"
37 #define DBGC_CLASS DBGC_WINBIND
39 static bool opt_nocache = False;
40 static bool interactive = False;
42 extern bool override_logfile;
44 /* Reload configuration */
46 static bool reload_services_file(const char *lfile)
51 const char *fname = lp_configfile();
53 if (file_exist(fname) && !strcsequal(fname,get_dyn_CONFIGFILE())) {
54 set_dyn_CONFIGFILE(fname);
58 /* if this is a child, restore the logfile to the special
59 name - <domain>, idmap, etc. */
60 if (lfile && *lfile) {
61 lp_set_logfile(lfile);
65 ret = lp_load(get_dyn_CONFIGFILE(),False,False,True,True);
74 /**************************************************************************** **
76 **************************************************************************** */
78 static void fault_quit(void)
83 static void winbindd_status(void)
85 struct winbindd_cli_state *tmp;
87 DEBUG(0, ("winbindd status:\n"));
89 /* Print client state information */
91 DEBUG(0, ("\t%d clients currently active\n", winbindd_num_clients()));
93 if (DEBUGLEVEL >= 2 && winbindd_num_clients()) {
94 DEBUG(2, ("\tclient list:\n"));
95 for(tmp = winbindd_client_list(); tmp; tmp = tmp->next) {
96 DEBUGADD(2, ("\t\tpid %lu, sock %d (%s)\n",
97 (unsigned long)tmp->pid, tmp->sock,
98 client_is_idle(tmp) ? "idle" : "active"));
103 /* Flush client cache */
105 static void flush_caches(void)
107 /* We need to invalidate cached user list entries on a SIGHUP
108 otherwise cached access denied errors due to restrict anonymous
109 hang around until the sequence number changes. */
111 if (!wcache_invalidate_cache()) {
112 DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
113 if (!winbindd_cache_validate_and_initialize()) {
119 static void flush_caches_noinit(void)
122 * We need to invalidate cached user list entries on a SIGHUP
123 * otherwise cached access denied errors due to restrict anonymous
124 * hang around until the sequence number changes.
126 * Skip uninitialized domains when flush cache.
127 * If domain is not initialized, it means it is never
128 * used or never become online. look, wcache_invalidate_cache()
129 * -> get_cache() -> init_dc_connection(). It causes a lot of traffic
130 * for unused domains and large traffic for primay domain's DC if there
134 if (!wcache_invalidate_cache_noinit()) {
135 DEBUG(0, ("invalidating the cache failed; revalidate the cache\n"));
136 if (!winbindd_cache_validate_and_initialize()) {
142 /* Handle the signal by unlinking socket and exiting */
144 static void terminate(bool is_parent)
147 /* When parent goes away we should
148 * remove the socket file. Not so
149 * when children terminate.
153 if (asprintf(&path, "%s/%s",
154 get_winbind_pipe_dir(), WINBINDD_SOCKET_NAME) > 0) {
162 trustdom_cache_shutdown();
164 gencache_stabilize();
168 TALLOC_CTX *mem_ctx = talloc_init("end_description");
169 char *description = talloc_describe_all(mem_ctx);
171 DEBUG(3, ("tallocs left:\n%s\n", description));
172 talloc_destroy(mem_ctx);
177 serverid_deregister(procid_self());
184 static void winbindd_sig_term_handler(struct tevent_context *ev,
185 struct tevent_signal *se,
191 bool *is_parent = talloc_get_type_abort(private_data, bool);
193 DEBUG(0,("Got sig[%d] terminate (is_parent=%d)\n",
194 signum, (int)*is_parent));
195 terminate(*is_parent);
198 bool winbindd_setup_sig_term_handler(bool parent)
200 struct tevent_signal *se;
203 is_parent = talloc(winbind_event_context(), bool);
210 se = tevent_add_signal(winbind_event_context(),
213 winbindd_sig_term_handler,
216 DEBUG(0,("failed to setup SIGTERM handler"));
217 talloc_free(is_parent);
221 se = tevent_add_signal(winbind_event_context(),
224 winbindd_sig_term_handler,
227 DEBUG(0,("failed to setup SIGINT handler"));
228 talloc_free(is_parent);
232 se = tevent_add_signal(winbind_event_context(),
235 winbindd_sig_term_handler,
238 DEBUG(0,("failed to setup SIGINT handler"));
239 talloc_free(is_parent);
246 static void winbindd_sig_hup_handler(struct tevent_context *ev,
247 struct tevent_signal *se,
253 const char *file = (const char *)private_data;
255 DEBUG(1,("Reloading services after SIGHUP\n"));
256 flush_caches_noinit();
257 reload_services_file(file);
260 bool winbindd_setup_sig_hup_handler(const char *lfile)
262 struct tevent_signal *se;
266 file = talloc_strdup(winbind_event_context(),
273 se = tevent_add_signal(winbind_event_context(),
274 winbind_event_context(),
276 winbindd_sig_hup_handler,
285 static void winbindd_sig_chld_handler(struct tevent_context *ev,
286 struct tevent_signal *se,
294 while ((pid = sys_waitpid(-1, NULL, WNOHANG)) > 0) {
295 winbind_child_died(pid);
299 static bool winbindd_setup_sig_chld_handler(void)
301 struct tevent_signal *se;
303 se = tevent_add_signal(winbind_event_context(),
304 winbind_event_context(),
306 winbindd_sig_chld_handler,
315 static void winbindd_sig_usr2_handler(struct tevent_context *ev,
316 struct tevent_signal *se,
325 static bool winbindd_setup_sig_usr2_handler(void)
327 struct tevent_signal *se;
329 se = tevent_add_signal(winbind_event_context(),
330 winbind_event_context(),
332 winbindd_sig_usr2_handler,
341 /* React on 'smbcontrol winbindd reload-config' in the same way as on SIGHUP*/
342 static void msg_reload_services(struct messaging_context *msg,
345 struct server_id server_id,
348 /* Flush various caches */
350 reload_services_file((const char *) private_data);
353 /* React on 'smbcontrol winbindd shutdown' in the same way as on SIGTERM*/
354 static void msg_shutdown(struct messaging_context *msg,
357 struct server_id server_id,
360 /* only the parent waits for this message */
361 DEBUG(0,("Got shutdown message\n"));
366 static void winbind_msg_validate_cache(struct messaging_context *msg_ctx,
369 struct server_id server_id,
375 DEBUG(10, ("winbindd_msg_validate_cache: got validate-cache "
379 * call the validation code from a child:
380 * so we don't block the main winbindd and the validation
381 * code can safely use fork/waitpid...
383 child_pid = sys_fork();
385 if (child_pid == -1) {
386 DEBUG(1, ("winbind_msg_validate_cache: Could not fork: %s\n",
391 if (child_pid != 0) {
393 DEBUG(5, ("winbind_msg_validate_cache: child created with "
394 "pid %d.\n", (int)child_pid));
400 if (!winbindd_reinit_after_fork(NULL)) {
404 /* install default SIGCHLD handler: validation code uses fork/waitpid */
405 CatchSignal(SIGCHLD, SIG_DFL);
407 ret = (uint8)winbindd_validate_cache_nobackup();
408 DEBUG(10, ("winbindd_msg_validata_cache: got return value %d\n", ret));
409 messaging_send_buf(msg_ctx, server_id, MSG_WINBIND_VALIDATE_CACHE, &ret,
414 bool winbindd_use_idmap_cache(void)
419 bool winbindd_use_cache(void)
424 void winbindd_register_handlers(void)
426 struct tevent_timer *te;
427 /* Setup signal handlers */
429 if (!winbindd_setup_sig_term_handler(true))
431 if (!winbindd_setup_sig_hup_handler(NULL))
433 if (!winbindd_setup_sig_chld_handler())
435 if (!winbindd_setup_sig_usr2_handler())
438 CatchSignal(SIGPIPE, SIG_IGN); /* Ignore sigpipe */
441 * Ensure all cache and idmap caches are consistent
442 * and initialized before we startup.
444 if (!winbindd_cache_validate_and_initialize()) {
448 /* get broadcast messages */
450 if (!serverid_register(procid_self(),
451 FLAG_MSG_GENERAL|FLAG_MSG_DBWRAP)) {
452 DEBUG(1, ("Could not register myself in serverid.tdb\n"));
456 /* React on 'smbcontrol winbindd reload-config' in the same way
457 as to SIGHUP signal */
458 messaging_register(winbind_messaging_context(), NULL,
459 MSG_SMB_CONF_UPDATED, msg_reload_services);
460 messaging_register(winbind_messaging_context(), NULL,
461 MSG_SHUTDOWN, msg_shutdown);
463 /* Handle online/offline messages. */
464 messaging_register(winbind_messaging_context(), NULL,
465 MSG_WINBIND_OFFLINE, winbind_msg_offline);
466 messaging_register(winbind_messaging_context(), NULL,
467 MSG_WINBIND_ONLINE, winbind_msg_online);
468 messaging_register(winbind_messaging_context(), NULL,
469 MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus);
471 messaging_register(winbind_messaging_context(), NULL,
472 MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list);
474 messaging_register(winbind_messaging_context(), NULL,
475 MSG_WINBIND_VALIDATE_CACHE,
476 winbind_msg_validate_cache);
478 messaging_register(winbind_messaging_context(), NULL,
479 MSG_WINBIND_DUMP_DOMAIN_LIST,
480 winbind_msg_dump_domain_list);
482 /* Register handler for MSG_DEBUG. */
483 messaging_register(winbind_messaging_context(), NULL,
487 netsamlogon_cache_init(); /* Non-critical */
489 /* clear the cached list of trusted domains */
493 if (!init_domain_list()) {
494 DEBUG(0,("unable to initialize domain list\n"));
499 init_locator_child();
501 smb_nscd_flush_user_cache();
502 smb_nscd_flush_group_cache();
504 te = tevent_add_timer(winbind_event_context(), NULL, timeval_zero(),
505 rescan_trusted_domains, NULL);
507 DEBUG(0, ("Could not trigger rescan_trusted_domains()\n"));
512 int main(int argc, char **argv, char **envp)
514 static bool is_daemon = False;
515 static bool Fork = True;
516 static bool log_stdout = False;
517 static bool no_process_group = False;
521 OPT_NO_PROCESS_GROUP,
524 struct poptOption long_options[] = {
526 { "stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
527 { "foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Daemon in foreground mode" },
528 { "no-process-group", 0, POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
529 { "daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
530 { "interactive", 'i', POPT_ARG_NONE, NULL, 'i', "Interactive mode" },
531 { "no-caching", 'n', POPT_ARG_NONE, NULL, 'n', "Disable caching" },
537 TALLOC_CTX *frame = talloc_stackframe();
540 /* glibc (?) likes to print "User defined signal 1" and exit if a
541 SIGUSR[12] is received before a handler is installed */
543 CatchSignal(SIGUSR1, SIG_IGN);
544 CatchSignal(SIGUSR2, SIG_IGN);
546 fault_setup((void (*)(void *))fault_quit );
547 dump_core_setup("winbindd");
551 /* Initialise for running in non-root mode */
555 set_remote_machine_name("winbindd", False);
557 /* Set environment variable so we don't recursively call ourselves.
558 This may also be useful interactively. */
560 if ( !winbind_off() ) {
561 DEBUG(0,("Failed to disable recusive winbindd calls. Exiting.\n"));
565 /* Initialise samba/rpc client stuff */
567 pc = poptGetContext("winbindd", argc, (const char **)argv, long_options, 0);
569 while ((opt = poptGetNextOpt(pc)) != -1) {
571 /* Don't become a daemon */
583 case OPT_NO_PROCESS_GROUP:
584 no_process_group = true;
593 d_fprintf(stderr, "\nInvalid option %s: %s\n\n",
594 poptBadOption(pc, 0), poptStrerror(opt));
595 poptPrintUsage(pc, stderr, 0);
600 if (is_daemon && interactive) {
601 d_fprintf(stderr,"\nERROR: "
602 "Option -i|--interactive is not allowed together with -D|--daemon\n\n");
603 poptPrintUsage(pc, stderr, 0);
607 if (log_stdout && Fork) {
608 d_fprintf(stderr, "\nERROR: "
609 "Can't log to stdout (-S) unless daemon is in foreground +(-F) or interactive (-i)\n\n");
610 poptPrintUsage(pc, stderr, 0);
616 if (!override_logfile) {
618 if (asprintf(&lfile,"%s/log.winbindd",
619 get_dyn_LOGFILEBASE()) > 0) {
620 lp_set_logfile(lfile);
624 setup_logging("winbindd", log_stdout);
627 DEBUG(0,("winbindd version %s started.\n", samba_version_string()));
628 DEBUGADD(0,("%s\n", COPYRIGHT_STARTUP_MESSAGE));
630 if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
631 DEBUG(0, ("error opening config file\n"));
635 /* Initialise messaging system */
637 if (winbind_messaging_context() == NULL) {
641 if (!reload_services_file(NULL)) {
642 DEBUG(0, ("error opening config file\n"));
646 if (!directory_exist(lp_lockdir())) {
647 mkdir(lp_lockdir(), 0755);
657 if (!secrets_init()) {
659 DEBUG(0,("Could not initialize domain trust account secrets. Giving up\n"));
663 /* Unblock all signals we are interested in as they may have been
664 blocked by the parent process. */
666 BlockSignals(False, SIGINT);
667 BlockSignals(False, SIGQUIT);
668 BlockSignals(False, SIGTERM);
669 BlockSignals(False, SIGUSR1);
670 BlockSignals(False, SIGUSR2);
671 BlockSignals(False, SIGHUP);
672 BlockSignals(False, SIGCHLD);
675 become_daemon(Fork, no_process_group, log_stdout);
677 pidfile_create("winbindd");
681 * If we're interactive we want to set our own process group for
684 if (interactive && !no_process_group)
685 setpgid( (pid_t)0, (pid_t)0);
690 /* Don't use winbindd_reinit_after_fork here as
691 * we're just starting up and haven't created any
692 * winbindd-specific resources we must free yet. JRA.
695 status = reinit_after_fork(winbind_messaging_context(),
696 winbind_event_context(),
697 procid_self(), false);
698 if (!NT_STATUS_IS_OK(status)) {
699 DEBUG(0,("reinit_after_fork() failed\n"));
703 winbindd_register_handlers();
705 rpc_lsarpc_init(NULL);
708 if (!init_system_info()) {
709 DEBUG(0,("ERROR: failed to setup system user info.\n"));
713 /* setup listen sockets */
715 if (!winbindd_setup_listeners()) {
716 DEBUG(0,("winbindd_setup_listeners() failed\n"));
721 /* Loop waiting for requests */
723 frame = talloc_stackframe();
725 if (tevent_loop_once(winbind_event_context()) == -1) {
726 DEBUG(1, ("tevent_loop_once() failed: %s\n",